Bob Mixon has a good post about the security & UI in SharePoint… specifically why the development team chose their current implementation of showing users everything and telling them when they don’t have access.